Social tactics are used in about 20% of confirmed data breaches.

As one would expect, email is the primary means of communication to the target (72%), followed by in-person deception (18%) and phone calls (12%), with a small amount of overlap across the three means of communication.

Having NetFlow and other such data is invaluable for determining what actually happened.

Scenario 1: A Chinese company targets a head design engineer, infects his system with malware, pivots, and extracts tons of sensitive IP from the network.

Scenario 2: Someone in the office that authorizes bank transfers clicks an infected link. They get infected, and now a bunch of transfers are attempted.

Scenario 3: An iterator-based web vuln allowed extraction of customer data, which led to an extortion attempt. They went public to release the pressure of disclosure.

Scenario 18: SQLi, password-dumping malware, and notification by the FBI that their systems were being used.

Summary

These types of reports are fascinating.

Sure, there is usually some marketing of services. And it isn’t science where you’re getting perfect samples of the real world in a balanced way. But you are at least hearing about real incidents in the real world.